组网说明:
本案例采用H3C HCL模拟器来模拟器高级IPV6 ACL典型组网配置。要求1::/64网段能PING通SW1,无法PING通SW2。另外R1、SW1、SW2之间运行OSPFV3路由协议。
1、按照网络拓扑图正确配置IP地址
2、R1、SW1、SW2之间运行OSPFV3路由协议
3、R1配置高级IPV6 ACL,实现1::/64网段能PING通SW1,无法PING通SW2。
第一阶段调试(基础网络配置):
SW1:
System View: return to User View with Ctrl+Z.
[H3C]sysname SW1
[SW1]int loopback 0
[SW1-LoopBack0]ip address 2.2.2.2 32
[SW1-LoopBack0]quit
[SW1]ospfv3 1
[SW1-ospfv3-1]import-route direct
[SW1-ospfv3-1]router-id 2.2.2.2
[SW1-ospfv3-1]quit
[SW1]int gi 1/0/1
[SW1-GigabitEthernet1/0/1]port link-mode route
[SW1-GigabitEthernet1/0/1]des
[SW1-GigabitEthernet1/0/1]ipv6 address 2::2 64
[SW1-GigabitEthernet1/0/1]ospfv3 1 area 0
[SW1-GigabitEthernet1/0/1]quit
SW2:
System View: return to User View with Ctrl+Z.
[H3C]sysname SW2
[SW2]int loopback 0
[SW2-LoopBack0]ip address 3.3.3.3 32
[SW2-LoopBack0]quit
[SW2]ospfv3 1
[SW2-ospfv3-1]router-id 3.3.3.3
[SW2-ospfv3-1]import-route direct
[SW2-ospfv3-1]quit
[SW2]int gi 1/0/2
[SW2-GigabitEthernet1/0/2]port link-mode route
[SW2-GigabitEthernet1/0/2]des
[SW2-GigabitEthernet1/0/2]ipv6 address 3::2 64
[SW2-GigabitEthernet1/0/2]ospfv3 1 area 0
[SW2-GigabitEthernet1/0/2]quit
R1:
System View: return to User View with Ctrl+Z.
[H3C]sysname R1
[R1]int loopback 0
[R1-LoopBack0]ip address 1.1.1.1 32
[R1-LoopBack0]quit
[R1]ospfv3 1
[R1-ospfv3-1]import-route direct
[R1-ospfv3-1]router-id 1.1.1.1
[R1-ospfv3-1]quit
[R1]int gi 0/1
[R1-GigabitEthernet0/1]des
[R1-GigabitEthernet0/1]ipv6 address 2::1 64
[R1-GigabitEthernet0/1]ospfv3 1 area 0
[R1-GigabitEthernet0/1]quit
[R1]int gi 0/2
[R1-GigabitEthernet0/2]des
[R1-GigabitEthernet0/2]ipv6 address 3::1 64
[R1-GigabitEthernet0/2]ospfv3 1 area 0
[R1-GigabitEthernet0/2]quit
[R1]int gi 0/0
[R1-GigabitEthernet0/0]ipv6 address 1::1 64
[R1-GigabitEthernet0/0]ospfv3 1 area 0
[R1-GigabitEthernet0/0]quit
第一阶段测试:
分别查看R1、SW1、SW2的OSPF邻居信息:
物理机填写IPV6地址,且能PING通SW1、SW2:
第二阶段调试(高级IPV6 ACL关键配置点):
[R1]acl ipv6 advanced 3000
[R1-acl-ipv6-adv-3000]rule 0 permit ipv6 source 1::/64 destination 2::2 128
[R1-acl-ipv6-adv-3000]rule 1 deny ipv6 source 1::/64 destination 3::2 128
[R1-acl-ipv6-adv-3000]quit
[R1]int gi 0/0
[R1-GigabitEthernet0/0]packet-filter ipv6 3000 inbound
[R1-GigabitEthernet0/0]quit
第二阶段测试:
物理机能PING通SW1:
物理机无法PING通SW2:
查看ACL的匹配情况:
至此,高级IPV6 ACL典型组网配置案例已完成!
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作